Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a competition between the fwlog module for user operations and for debugging purposes. This...

PT-2026-39494

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

CVE-2022-50940

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

CVE-2019-18664

The Log module in SECUDOS DOMOS before 5.6 allows XSS...

CVE-2019-18665

The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion...

CVE-2020-24038

myFax version 229 logs sensitive information in the export log module which allows any user to access critical information...

EUVD-2023-0382

Malicious code in bioql PyPI...

EUVD-2022-7324

Malicious code in bioql PyPI...

CVE-2024-27896

Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity...

CVE-2023-22733

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issu...

CVE-2020-36608

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file adminorganizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

Cross-Site Request Forgery (CSRF)

typo3/cms-belog is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method and allows an attacker to exploit the “Log...

CVE-2024-55893

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

CVE-2024-55893

TYPO3 CVE-2024-55893 is a CSRF vulnerability in the backend UI deep-link handling and in the Log Module that can let an attacker remove log entries. Exploitation requires an active session and a user interaction with a malicious URL, aided by misconfigurations: security.backend.enforceReferrer di...

CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

TYPO3 Cross-Site Request Forgery in Log Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

GHSA-CJFR-9F5R-3Q93 TYPO3 Cross-Site Request Forgery in Log Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...